[augeas-devel] Partial answer to augeas not being able to parse / deal with sshd_config Match blocks...
Spike White
spikewhitetx at gmail.com
Thu Apr 22 18:00:04 UTC 2021
Augeas people,
augeas has a problem dealing with Match blocks in /etc/ssh/sshd_config.
It's even documented in the notes in the lens file for that file.
I know that a general purpose parsing of a Match block in augeas is a
problem. I've tried. The problem is that augeas by default appends new
lines (where they're missing in original file) to the end of the file.
Thus if you have an existing Match block at the end of the sshd_config file
such as:
    Match User servicepptprdvra
    MaxSessions 999
    ClientAliveInterval 360
    ClientAliveCountMax 3
and you want augeas to add UsePrivilegeSeparation yes as so:
    Match User servicepptprdvra
    MaxSessions 999
    ClientAliveInterval 360
    ClientAliveCountMax 3
    UsePrivilegeSeparation yes
then this UsePrivilegeSeparation will not apply to all users & hosts (as
desired), but only to the user specified in the Match block condition.
In a nutshell, I think that's the problem with augeas dealing with a Match
block.
Is this a partial solution?:
If you restrict augeas so that every match block it writes and every Match
block it parses ends with a line:
    Match All
to close an existing Match block. That is, if you have this:
    Match User servicepptprdvra
    MaxSessions 999
    ClientAliveInterval 360
    ClientAliveCountMax 3
    Match All
and you want augeas to add UsePrivilegeSeparation yes as so:
    Match User servicepptprdvra
    MaxSessions 999
    ClientAliveInterval 360
    ClientAliveCountMax 3
    Match All
    UsePrivilegeSeparation yes
Then this UsePrivilegeSeparation will be applied to all users & hosts, as
desired.
This is a small restriction on the sshd_config syntax when using augeas,
but not egregiously so.
Spike White
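
Added example, not part of the original message and not Augeas code: a small Python model of the scoping described above, showing which Match criteria a line appended at end-of-file falls under, with and without a closing `Match All`. The function names are hypothetical, and the model covers scoping only; it does not check which keywords sshd permits inside a Match block.

```python
# Added example: models sshd_config Match scoping only (assumption: simple
# "Keyword args" lines, no Include handling, no keyword validation).

def directive_scopes(config_text):
    """Return (keyword, scope) pairs; scope is 'global' or the Match criteria."""
    scope = "global"
    result = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0]
        args = parts[1].strip() if len(parts) > 1 else ""
        if keyword.lower() == "match":
            # A Match line opens a block that runs to the next Match or EOF.
            scope = args
            continue
        result.append((keyword, scope))
    return result

def append_at_end(config_text, line):
    """Mimic the append-at-end-of-file behaviour described in the post."""
    return config_text.rstrip("\n") + "\n" + line + "\n"

def applies_to_everyone(scope):
    # "Match All" matches every connection, so what follows is unconditional.
    return scope == "global" or scope.lower() == "all"

def unterminated_match(config_text):
    """True if a line appended at EOF would land in a conditional Match block."""
    scopes = directive_scopes(append_at_end(config_text, "Probe x"))
    return not applies_to_everyone(scopes[-1][1])

# Constructed sample input, taken from the two layouts in the post.
OPEN_BLOCK = """Match User servicepptprdvra
MaxSessions 999
ClientAliveInterval 360
ClientAliveCountMax 3
"""
CLOSED_BLOCK = OPEN_BLOCK + "Match All\n"

if __name__ == "__main__":
    for name, cfg in (("open", OPEN_BLOCK), ("closed", CLOSED_BLOCK)):
        new = append_at_end(cfg, "UsePrivilegeSeparation yes")
        print(name, unterminated_match(cfg), directive_scopes(new)[-1])
```

A check like `unterminated_match` can run before any automated edit to flag files where an appended global setting would silently become per-user.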